update_trusted_ips.py
import boto3
import logging
import click
from urllib.parse import urlparse
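@click.command()
@click.option('--iplist', prompt='Location of the IP list in S3', help='A file with a CIDR per line of trusted IPs (only TXT supported for now)')
@click.option('--name', default='KnownIPs', prompt='Name', help='Name of the threat list')
def update_threat_list(iplist, name):
    """Create or update a GuardDuty IP set so that it points at ``iplist``.

    The detector's existing IP sets are listed; when there are none, a new
    set named ``name`` is created at ``iplist``, otherwise the user picks
    one by index and it is re-pointed at ``iplist`` via ``update_ip_set``.
    Addresses in a trusted IP list suppress GuardDuty findings, so the
    location is passed through ``valid_list`` before any API call is made.

    Args:
        iplist: Location of the CIDR-per-line TXT file in S3.
        name: Name used for a newly created IP set.

    Raises:
        Exception: if ``iplist`` fails validation or the account/region has
            no GuardDuty detector.
    """
    if not valid_list(iplist):
        raise Exception("The list you've provided is not valid")
    guardduty = boto3.client('guardduty')
    detector_ids = guardduty.list_detectors()['DetectorIds']
    if not detector_ids:
        raise Exception('Failed to read GuardDuty info. Please check if the service is activated')
    # Only the first detector is handled, as in the original script.
    detector_id = detector_ids[0]
    paginator = guardduty.get_paginator('list_ip_sets')
    ip_sets = []
    for page in paginator.paginate(DetectorId=detector_id):
        ip_sets.extend(page['IpSetIds'])
    if not ip_sets:
        print("No lists found creating a new one")
        try:
            resp = guardduty.create_ip_set(
                DetectorId=detector_id,
                Name=name,
                Format='TXT',
                Location=iplist,
                Activate=True)
        except Exception as e:
            print("Could not create a new threat list")
            print(e)
            return
        print(resp)
        # There is nothing to select after creating the only set; falling
        # through to the prompt would index an empty list.
        return
    for idx, ipset in enumerate(ip_sets):
        print(idx, ipset)
    # IntRange rejects non-numeric and out-of-range answers before indexing.
    list_num = click.prompt("Which list do you want to update?",
                            type=click.IntRange(0, len(ip_sets) - 1))
    update_list = ip_sets[list_num]
    print("Updating list number", list_num)
    # The original computed the set id but never issued the update call.
    guardduty.update_ip_set(
        DetectorId=detector_id,
        IpSetId=update_list,
        Location=iplist,
        Activate=True)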
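def valid_list(listlocation):
    """Return True if ``listlocation`` has the shape of an S3 object location.

    Accepts ``s3://bucket/key`` or an ``https://`` URL and requires both a
    non-empty host (bucket) and a non-empty key. Only the shape is checked;
    whether the object exists, and whether its contents are a valid
    CIDR-per-line file, is not verified here.

    GuardDuty constraints worth keeping in mind when preparing the file:
    - trusted IP lists and threat lists apply only to traffic destined for
      publicly routable IP addresses;
    - only IP addresses and CIDR ranges are matched, domain names are ignored;
    - the file may be at most 35MB;
    - a trusted IP list may hold at most 2000 entries, a threat list 250,000.

    Args:
        listlocation: URI of the list file as supplied on the command line.

    Returns:
        True when the location is structurally usable, False otherwise.
    """
    if not listlocation or not isinstance(listlocation, str):
        return False
    parsed = urlparse(listlocation)
    if parsed.scheme not in ('s3', 'https'):
        return False
    # Both the bucket (netloc) and an object key (path) must be present.
    return bool(parsed.netloc) and bool(parsed.path.strip('/'))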
if __name__ == '__main__':
    # click parses the command line and supplies the option values.
    update_threat_list()